<?php

/**
 * 2017-06-07 11:21:36
 * PDO safe: every query in this script uses a prepared statement with bound parameters.
 */

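include 'common.php';

/*
 * Add-comment endpoint.
 *
 * Authenticates the caller from the `username` and `token` cookies, checks that
 * the target wish exists, inserts one row into `comment`, and prints a JSON
 * object {"errorcode": N}:
 *   1 = comment inserted
 *   2 = comment not inserted (insert affected no rows, or content/parentid unusable)
 *   3 = authentication failed
 *   5 = authenticated, but the wish id does not exist (or is not an integer)
 *
 * The legacy mysql_query() calls that interpolated request values into SQL
 * have been replaced by prepared statements with bound parameters.
 */

// Missing cookies/parameters become null rather than raising an
// "undefined index" notice, which could be printed ahead of the JSON body.
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : null;
$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : null;

// NOTE(review): $_REQUEST also accepts query-string values, so this
// cookie-authenticated write can be triggered by a cross-site GET. Consider
// requiring POST plus an anti-CSRF token (or SameSite cookies) once clients allow it.
$content = isset($_REQUEST['content']) ? $_REQUEST['content'] : null;
$wishid = isset($_REQUEST['wishid']) ? $_REQUEST['wishid'] : null;
$parentid = isset($_REQUEST['parentid']) ? $_REQUEST['parentid'] : null;

// NOTE(review): the helper name suggests a root database account; this script
// only needs SELECT on userinfo/userwish and INSERT on comment - confirm the
// account behind pdo_root_connect() is least-privileged.
$dbc = pdo_root_connect();

// Array-valued cookies (username[]=...) and empty credentials are rejected before
// touching the database, so an empty cookie pair can never match a stored row.
$authenticated = false;
if (is_string($username) && $username !== '' && is_string($token) && $token !== '') {
	$stmt = $dbc->prepare('select 1 from userinfo where username=:username and token=:token limit 1');
	$stmt->bindValue(':username', $username);
	$stmt->bindValue(':token', $token);
	$stmt->execute();
	// fetchColumn() is used instead of rowCount(), which PDO does not guarantee for SELECT.
	$authenticated = $stmt->fetchColumn() !== false;
}

if ($authenticated) {
	// User verification complete; 5 is reported if the wish lookup below finds nothing.
	$errorcode = 5;

	// Require a real integer so values such as "12abc" are not loosely cast by the database.
	$wishIdInt = filter_var($wishid, FILTER_VALIDATE_INT);
	$wishExists = false;
	if ($wishIdInt !== false) {
		$hasWish = $dbc->prepare('select 1 from userwish where id=:wishid limit 1');
		$hasWish->bindValue(':wishid', $wishIdInt, PDO::PARAM_INT);
		$hasWish->execute();
		$wishExists = $hasWish->fetchColumn() !== false;
	}

	if ($wishExists) {
		// An absent or empty parentid is passed through as before; anything else must be an integer.
		// NOTE(review): nothing checks that parentid refers to an existing comment on this wish.
		if ($parentid === null || $parentid === '') {
			$parentValue = $parentid;
			$parentOk = true;
		} else {
			$parentValue = filter_var($parentid, FILTER_VALIDATE_INT);
			$parentOk = $parentValue !== false;
		}

		if (!$parentOk || !is_string($content)) {
			$errorcode = 2;
		} else {
			// The content is stored verbatim; it must be HTML-escaped wherever it is rendered.
			$insertWish = $dbc->prepare('insert into comment (parent_id, wish_id, status, username, content, create_time) values
			(:parentid, :wishid, 0, :username, :content, unix_timestamp(now()))');
			$insertWish->bindValue(':parentid', $parentValue, PDO::PARAM_INT);
			$insertWish->bindValue(':wishid', $wishIdInt, PDO::PARAM_INT);
			$insertWish->bindValue(':username', $username);
			$insertWish->bindValue(':content', $content);
			$insertWish->execute();

			$errorcode = $insertWish->rowCount() > 0 ? 1 : 2;
		}
	}
} else {
	$errorcode = 3;
}

// Declare the body as JSON so browsers do not sniff it as HTML.
if (!headers_sent()) {
	header('Content-Type: application/json');
}
echo json_encode(array('errorcode'=>$errorcode));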
?>